x0rz @x0rz@mastodon.social

Tweets are automatically forwarded from https://twitter.com/x0rz

Hospital security: unsupervised & unlocked computers sitting in an open hallway. Screens showed names + medical data of patients... yuck 😷 https://t.co/zjsNYwSJmE

View from the Bastide de Domme, Dordogne, #France 🇫🇷 https://t.co/oylFOs0Lnm

Fully functional version of DanderSpritz https://github.com/francisck/DanderSpritz_lab #DanderSpritz #NSA #redteam https://t.co/be0DqTOmm3

#NotTheOnion 🇯🇵 https://www.theguardian.com/world/2018/jun/21/japanese-worker-punished-for-starting-lunch-three-minutes-early

Does anyone know any good tool to make cool graphs of connections between Twitter accounts? (which community, etc.)
Thanks!

phpMyAdmin 4.8.x LFI to RCE https://blog.vulnspy.com/2018/06/21/phpMyAdmin-4-8-x-Authorited-CLI-to-RCE/ #phpmyadmin #vulnerability https://t.co/J6VyB5UF03

That's enough Internet for today. Good night my dudes. Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaah

Why am I just discovering the It Is Wednesday My Dudes meme now? https://www.youtube.com/watch?v=du-TY1GUFGk

Great walk-through explanation of DNS Rebinding attacks by @brannondorsey https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325 #redteam #pentest #DNS #vulnerability

http://old-uptime.io/horror-stories.html

^ We need this :D

The sad truth behind SoC/CSIRTs: you get overwhelmed with AV detection

Soft war is really about software.
Recommended reading: French techno-thriller novel from 1984 https://en.wikipedia.org/wiki/Softwar https://t.co/9e8GXt08pJ

Japanese engineer gets his computer seized, questioned by police and fined 100k yen (~785€) for adding a #CoinHive script on his website 😐 https://doocts.com/3403

Reading a few tweets that redteam is actually hard, that the attacker doesn't have an advantage. Well yeah... but blueteam is also terrible at metrics. You could never know if you have been pwned and live with it. Both jobs can be extremely frustrating and equally hard. https://t.co/0jHn3lKDg5

Root Cause Analysis of a Non-Deterministic JavaScriptCore Bug https://blog.ret2.io/2018/06/19/pwn2own-2018-root-cause-analysis/ #vulnerability #debugging

#Protip: you can get $25 @protonmail worth of credit for $1 only, using @Humble (and many more software for a cheap price, plus you can give that money to the @eff 😎) https://www.humblebundle.com/software/cybersecurity-software-bundle #cybersecurity #software #bundle

Rock, paper, or scissors? (RT for science!)

Rock, paper, or scissors? - (Reply for science)

Backdooring your server through its BMC (Baseboard Management Controller): the HPE iLO4 case https://airbus-seclab.github.io/ilo/SSTIC2018-Slides-EN-Backdooring_your_server_through_its_BMC_the_HPE_iLO4_case-perigaud-gazet-czarny.pdf (PDF) #SSTIC #iLO4 #vulnerability https://t.co/IMZrm0whEW

me browsing this fake Signal website https://t.co/aqnC3qBLeC